Skip to content

Add Claude Code GitHub Workflow #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
cedarconnor merged 2 commits into from
Oct 21, 2025
Merged

Add Claude Code GitHub Workflow #1

cedarconnor merged 2 commits into from
Oct 21, 2025

Conversation

@cedarconnor
Copy link
Owner

@cedarconnor cedarconnor commented Oct 21, 2025

🤖 Installing Claude Code GitHub App

This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.

What is Claude Code?

Claude Code is an AI coding agent that can help with:

  • Bug fixes and improvements
  • Documentation updates
  • Implementing new features
  • Code reviews and suggestions
  • Writing tests
  • And more!

How it works

Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.

Important Notes

  • This workflow won't take effect until this PR is merged
  • @claude mentions won't work until after the merge is complete
  • The workflow runs automatically whenever Claude is mentioned in PR or issue comments
  • Claude gets access to the entire PR or issue context including files, diffs, and previous comments

Security

  • Our Anthropic API key is securely stored as a GitHub Actions secret
  • Only users with write access to the repository can trigger the workflow
  • All Claude runs are stored in the GitHub Actions run history
  • Claude's default tools are limited to reading/writing files and interacting with our repo by creating comments, branches, and commits.
  • We can add more allowed tools by adding them to the workflow file like:
allowed_tools: Bash(npm install),Bash(npm run build),Bash(npm run lint),Bash(npm run test)

There's more information in the Claude Code action repo.

After merging this PR, let's try mentioning @claude in a comment on any PR to get started!

@cedarconnor cedarconnor merged commit 46ecaba into master Oct 21, 2025
1 check passed
@claude
Copy link

claude bot commented Oct 21, 2025

Code Review: Claude Code GitHub Workflow Integration

Overview

This PR adds two GitHub Actions workflows to integrate Claude Code into the repository. The implementation is well-structured and follows GitHub Actions best practices.

Positive Aspects

Code Quality

  • Clean YAML structure with good formatting
  • Helpful commented-out examples for optional features
  • Proper minimal permissions with correct scoping
  • Uses official actions (actions/checkout@v4, anthropics/claude-code-action@v1)

Security

  • Correct secret handling via GitHub secrets
  • Permission scoping with read-only access where appropriate
  • No hardcoded credentials
  • Smart conditional execution filtering

Critical Issues (Must Fix)

1. Missing Write Permission (.github/workflows/claude-code-review.yml:23-25)

Issue: The workflow will FAIL when trying to use gh pr comment because it lacks write permissions.

Current permissions only grant pull-requests: read, but posting comments requires pull-requests: write.

Fix: Change to pull-requests: write

Severity: HIGH - Will cause workflow failures

2. Insufficient Allowed Tools (.github/workflows/claude-code-review.yml:56)

Issue: The review workflow cannot read files or analyze code!

Current allowed tools only include gh commands. Claude cannot:

  • Read code files in the PR
  • Read CLAUDE.md (mentioned in the prompt)
  • Use Glob/Grep to search codebase
  • Analyze actual implementation

Fix: Add file access tools:

claude_args: '--allowed-tools "Read,Glob,Grep,Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"'

Severity: HIGH - Cannot perform meaningful code review

Important Issues (Should Fix)

3. Inconsistent Permissions Between Workflows

The two workflows have different permissions (claude.yml has actions: read, claude-code-review.yml does not).

Recommendation: Both should have consistent permissions including actions: read for CI results.

Severity: MEDIUM

4. No Timeout Configured

Neither workflow specifies a timeout. If Claude encounters an issue, workflows could run for hours.

Recommendation: Add timeout-minutes: 15 (or 20 for general tasks)

Severity: MEDIUM

Low Priority Suggestions

  • Add failure notifications for better UX
  • Consider explicit permission checks for security
  • Add workflow status badges to README
  • Add inline comments explaining why each permission is needed

Recommendation

Request Changes: The workflows need the two critical fixes above to function:

  1. Add pull-requests: write permission to claude-code-review.yml
  2. Add Read,Glob,Grep to allowed tools in claude-code-review.yml

The PR is otherwise well-designed with excellent documentation. Once these are fixed, it will be ready to merge!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cedarconnor